Work Schedule
Standard (Mon-Fri)
Environmental Conditions
Office
Job Description
As part of the Thermo Fisher Scientific team, you’ll discover meaningful work that makes a positive impact on a global scale. Join our colleagues in bringing our Mission to life every single day to enable our customers to make the world healthier, cleaner and safer. We provide our global teams with the resources needed to achieve individual career goals while helping to take science a step beyond by developing solutions for some of the world’s toughest challenges, like protecting the environment, making sure our food is safe or helping find cures for cancer.
Position Overview
We are seeking a highly motivated and experienced Information Security Specialist to lead and strengthen our organization’s data protection and information security governance framework.
This role is responsible for building and operationalizing integrated privacy and security strategies, ensuring regulatory compliance (e.g., ISMS-P, local and global data protection regulations), and enabling secure growth in cloud and AI-driven environments.
This is not a purely operational role. The successful candidate will serve as a strategic risk control leader, embedding Privacy-by-Design and Security-by-Design principles across the organization.
Roles and Responsibilities
1. Information Security Governance
- Develop and implement enterprise-wide information security strategy and roadmap
- Conduct risk assessments and design internal control frameworks
- Lead ISMS / ISMS-P certification management, audit readiness, and continuous improvement
- Establish and maintain security policies, standards, and procedures
- Oversee cloud security governance and compliance posture
2. Privacy & Data Protection
- Own the organization’s privacy governance framework and lifecycle management
- Review new products, AI initiatives, and data use cases for regulatory compliance
- Design and implement controls to prevent data breaches, misuse, and unauthorized access
- Lead privacy impact assessments and risk evaluations
- Ensure compliance with domestic and international data protection regulations (e.g., GDPR, cross-border data transfer requirements)
3. Incident Prevention & Response
- Establish structured security incident prevention and response processes
- Lead post-incident analysis and remediation planning
- Reduce organizational exposure to regulatory and reputational risks
4. Security Awareness & Cross-Functional Leadership
- Lead security and privacy awareness programs
- Facilitate internal security working groups and governance forums
- Partner with Legal, IT, Product, HR, and Executive teams
5. AI & Emerging Technology Risk Management
- Implement security governance frameworks for AI systems (including generative AI and ChatGPT Agent environments)
- Design controls to mitigate data privacy and cybersecurity risks in advanced analytics and AI initiatives
Qualification
- Minimum 5+ years of experience in information security and/or data protection
- Proven experience in risk assessment and internal control design
- Experience managing ISMS-P or equivalent certification frameworks
- Strong understanding of data protection laws and regulatory compliance requirements
- Experience in incident prevention and response management
- Business-level proficiency in English (written and spoken) and fluent-level proficiency in Korean
Preferred Qualification
- Experience in global or multinational organizations
- Hands-on experience in ISMS-P audit or consulting
- Cloud security governance experience
- Professional certifications (CPPG, CISA, CISSP, ISO 27001 Lead Auditor, Information Security Engineer, etc.)
- Experience managing privacy risks in AI-driven environments
- Familiarity with ChatGPT Agent or AI automation tools